Essential PowerShell Scripts for Active Directory User and Group Management

By /

Essential PowerShell Scripts for Active Directory Management

Managing Active Directory via PowerShell saves time and reduces manual errors. Here are four core scripts for everyday AD tasks. Copy and paste them into your PowerShell console or save each as a .ps1 file.

1. List All AD Users

Retrieves every user in your domain and shows key properties.

powershell
Import-Module ActiveDirectory

Get-ADUser -Filter * |
  Select-Object Name,
                SamAccountName,
                UserPrincipalName,
                Enabled

What it does:

  • Loads the Active Directory module.
  • Uses Get-ADUser -Filter * to grab all users.
  • Pipes results into Select-Object to display only Name, SamAccountName, UserPrincipalName, and Enabled status.

2. List All AD Groups

Fetches every group in your domain and displays its type and scope.

powershell
Import-Module ActiveDirectory

Get-ADGroup -Filter * |
  Select-Object Name,
                GroupCategory,
                GroupScope

What it does:

  • Loads the Active Directory module.
  • Uses Get-ADGroup -Filter * to retrieve all groups.
  • Shows each group’s Name, whether it’s a Distribution or Security group, and its scope (DomainLocal, Global, Universal).

3. Find a Specific User

Searches for a user by display name or username, then shows their details.

powershell
Import-Module ActiveDirectory

$searchTerm = Read-Host "Enter the user's name or username to search"

Get-ADUser -Filter {Name -like "*$searchTerm*" -or SamAccountName -like "*$searchTerm*"} |
  Select-Object Name,
                SamAccountName,
                UserPrincipalName,
                Enabled

What it does:

  • Prompts you to enter a name or SamAccountName fragment.
  • Filters AD users whose Name or SamAccountName contains that term.
  • Displays their Name, SamAccountName, UserPrincipalName, and Enabled status.

4. List Members of a Specific Group

Gets all user members of a given group with their details.

powershell

Import-Module ActiveDirectory

$groupName = Read-Host "Enter the group name"

Get-ADGroupMember -Identity $groupName |
  Where-Object { $_.objectClass -eq 'user' } |
  Get-ADUser -Properties Name, SamAccountName, UserPrincipalName, Enabled |
  Select-Object Name,
                SamAccountName,
                UserPrincipalName,
                Enabled

What it does:

  • Prompts for the target group name.
  • Retrieves all members of that group.
  • Filters to only user objects.
  • Fetches full user objects and selects Name, SamAccountName, UserPrincipalName, and Enabled.

Save these snippets as separate .ps1 files or run them directly in your PowerShell session. They form the foundation for AD automation, reporting, and bulk management.

LinkedInCopyPinterestRedditTelegram

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by
Scroll to Top